IBM Security QRadar Manager for YARA Rules app

IBM® Security QRadar® Manager for Yara Rules is an app that you can use to apply YARA rules to QRadar events, flows, and searches.

The IBM Security QRadar Manager for Yara Rules app includes the following key capabilities:

  • Import, edit, and manage existing YARA rules.
  • Scan raw payloads with YARA rules.
  • Scan QRadar events or flows with YARA rules.
  • Scan QRadar saved searches with YARA rules.

The IBM Security QRadar Manager for Yara Rules app uses the yara-python-4.1.2 library from https://github.com/VirusTotal/yara-python. The supported modules in the app are:
  • pe
  • elf
  • cuckoo
  • magic
  • hash
  • math
  • dotnet
  • time
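
A check that a rule file imports only modules from the list above, for use before bringing rules into the app. This is an added example, not part of the app or IBM's code. The function names and the sample rule are constructed, and the check assumes imports are written as plain `import "name"` statements and does not tokenize YARA regular-expression literals.

```python
import re

# Modules the page lists as supported by the app.
SUPPORTED_MODULES = {"pe", "elf", "cuckoo", "magic", "hash", "math", "dotnet", "time"}

# One left-to-right pass: string literals and comments are consumed whole,
# so an "import" that appears inside either is never reported.
_TOKEN = re.compile(
    r'\bimport\s+"([^"\\\n]+)"'   # import statement, module name captured
    r'|"(?:\\.|[^"\\\n])*"'       # any other string literal (skipped)
    r'|/\*.*?\*/'                 # block comment (skipped)
    r'|//[^\n]*',                 # line comment (skipped)
    re.DOTALL,
)


def imported_modules(source):
    """Return the set of module names imported by YARA rule source text."""
    return {m.group(1) for m in _TOKEN.finditer(source) if m.group(1)}


def unsupported_imports(source):
    """Return the sorted imported module names that are not in the supported list."""
    return sorted(imported_modules(source) - SUPPORTED_MODULES)


# Constructed sample rule file: two supported imports, two imports hidden in
# comments, one import outside the supported list, and a string that looks
# like an import followed by a comment.
SAMPLE_RULE = r'''
import "pe"
import "math"
// import "console"   (commented out, must be ignored)
/* import "lnk" */
import "vt"

rule constructed_example
{
    strings:
        $a = "import \"string\" // not a comment"
    condition:
        pe.is_pe and math.entropy(0, filesize) > 7.0 and $a
}
'''

if __name__ == "__main__":
    print("imported:   ", sorted(imported_modules(SAMPLE_RULE)))
    print("unsupported:", unsupported_imports(SAMPLE_RULE))
```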

The IBM Security QRadar Manager for Yara Rules app is supported on QRadar 7.3.3 patch 6 and later, and 7.4.1 patch 2 and later. The IBM Security QRadar Manager for Yara Rules app is not supported on QRadar 7.4.0.

The IBM Security QRadar Manager for Yara Rules app is supported on Google Chrome and Mozilla Firefox.